DHCP Failover and duplicate responses

John Tabasz (jtabasz) jtabasz at cisco.com
Sat Sep 8 00:36:42 UTC 2007


Right. Failover is the wrong term. It's more like duplicated service.
I'm after redundancy so the clients don't get confused. 

-----Original Message-----
From: dhcp-users-bounce at isc.org [mailto:dhcp-users-bounce at isc.org] On
Behalf Of Glenn Satchell
Sent: Friday, September 07, 2007 5:20 PM
To: dhcp-users at isc.org
Subject: RE: DHCP Failover and duplicate responses

If you think about it, if you only do static clients, then you don't
need failover at all, *and* you can have as many dhcp servers as you
like. Most clients don't care if they get 2, 3 or 10 responses...

regards,
-glenn

>Subject: RE: DHCP Failover and duplicate responses
>Date: Fri, 7 Sep 2007 15:29:44 -0700
>From: "Matt Cowger" <mcowger at salesforce.com>
>
>John,
>
>We do this exact setup.  It works great for us.  Both servers hear and 
>respond to each DHCPDISCOVER/REQUEST, and respond with the same 
>response.  The client just picks the first one it gets back.  No 
>problems encountered yet, except that if you put a bad config file in 
>place, you mess up both servers :)....
>
>--Matt
>
>
>
>-----Original Message-----
>From: dhcp-users-bounce at isc.org [mailto:dhcp-users-bounce at isc.org] On 
>Behalf Of John Tabasz (jtabasz)
>Sent: Friday, September 07, 2007 3:24 PM
>To: dhcp-users at isc.org
>Subject: RE: DHCP Failover and duplicate responses
>
>I have a different sort of failover setup and have a question about it.
>Every lease I serve is static. There are no pools defined at all. 
>Rather than using failover, my idea is to use a duplicate server with 
>the same exact config file on it. That way if one server fails for a 
>reason unique to it, the other will still be there to serve leases.
>Can anyone out there comment on this? What will happen when two servers
>hear the DHCPDISCOVER requests from a client? I'm assuming there will
>be some difference in response time, due to network topology and 
>hardware differences on the servers. Both servers have the same IP and 
>netmask etc information for any particular MAC address.
>
>Comments?
>
>John
>
>-----Original Message-----
>From: dhcp-users-bounce at isc.org [mailto:dhcp-users-bounce at isc.org] On 
>Behalf Of Glenn Satchell
>Sent: Wednesday, September 05, 2007 4:40 PM
>To: dhcp-users at isc.org
>Subject: Re: DHCP Failover and duplicate responses
>
>Setting dhcp-server-identifier to the gateway is wrong. The ip-helpers 
>on the gateway are only used when the client broadcasts the 
>DHCPDISCOVER. After that the client will send a normal unicast packet 
>to the dhcp server for renewal. The renewal is done when the IP stack 
>is fully configured, so it can route to the dhcp server if necessary.
>
>In other respects the servers are behaving correctly. Each is receiving
>the request and responding with an ack, as they are supposed to.
>
>regards,
>-glenn
>
>>Date: Wed, 5 Sep 2007 16:27:26 -0500
>>From: "Cory Meyer" <cory.meyer at gmail.com>
>>Subject: DHCP Failover and duplicate responses
>>
>>With DHCP failover configured correctly should both servers be 
>>responding to the same dhcp request?
>>
>>I know that the leases db is staying synced as they will both ACK with the
>>same IP.   I'm running into the issue with both 3.0.5 and 3.0.6 on Debian
>>3.1.  Just to be sure that it wasn't issues with my dhcpd.leases file
>>dhcpd was stopped on both servers, emptied and started again with the same
>>issue.   Running omshell to get the failover state is showing both servers
>>in normal mode once the recovery + MCLT has passed.
>>
>>The reason as to why this might be an issue is that in our production
>>environment our routers are setup with 2 ip helper-address statements.
>>One to the primary and one to the secondary server.  Option
>>dhcp-server-identifier is set to the local GW for that network.   This means
>>that DHCPREQUEST packets will be sent to both servers.    Normally with both
>>servers sending an identical ACK it should be an issue though I seem to
>>remember Windows Me and 98 clients that would fail an IP renewal due to
>>the almost identical ACK.
>>
>>
>>Any ideas or suggestions?   So far the DHCP Handbook has been a great help
>>though I think I might have missed something.
>>
>>
>>
>>dhcp-01 is the primary.   dhcp-02 is the secondary.
>>
>>Here is what I'm seeing in the logs with a Windows XP SP2 client:
>>
>>Sep  5 11:13:20 dhcp-01 dhcpd: DHCPDISCOVER from 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0: load balance to peer dhcp
>>Sep  5 11:13:20 dhcp-01 dhcpd: DHCPREQUEST for 10.2.1.128 ( 10.2.1.203) from 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
>>Sep  5 11:13:20 dhcp-02 dhcpd: DHCPDISCOVER from 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
>>Sep  5 11:13:20 dhcp-01 dhcpd: DHCPACK on 10.2.1.128 to 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
>>Sep  5 11:13:20 dhcp-02 dhcpd: DHCPOFFER on 10.2.1.128 to 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
>>Sep  5 11:13:20 dhcp-02 dhcpd: DHCPREQUEST for 10.2.1.128 (10.2.1.203) from 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
>>Sep  5 11:13:20 dhcp-02 dhcpd: DHCPACK on 10.2.1.128 to 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
>>
>>
>>Here is my configuration:
>>### dhcpd.conf   #This is mirrored on both servers.
>>ddns-update-style none;
>>one-lease-per-client true;
>>authoritative;
>>ping-check true;
>>#use-host-decl-names on;
>>omapi-port 7911;
>>key "omapi_key" {
>>        algorithm hmac-md5;
>>        secret "******";
>>};
>>omapi-key omapi_key;
>>
>>log-facility local7;
>>
>>stash-agent-options on;
>>include "/etc/dhcpd.failover.conf";
>>include "/etc/dhcpd.pools.conf";
>>## End dhcpd.conf
>>
>>## PRIMARY dhcpd.failover.conf ##
>>failover peer "dhcp" {
>>  primary;
>>  address 10.2.1.202;
>>  port 847;
>>  peer address 10.2.1.203;
>>  peer port 647;
>>  max-response-delay 60;
>>  max-unacked-updates 10;
>>  load balance max seconds 3;
>>  mclt 180;
>>  split 128;
>>}
>>## End PRIMARY dhcpd.failover.conf ##
>>
>>## Secondary dhcpd.failover.conf ##
>>failover peer "dhcp" {
>>  secondary;
>>  address 10.2.1.203;
>>  port 647;
>>  peer address 10.2.1.202;
>>  peer port 847;
>>  max-response-delay 180;
>>  load balance max seconds 3;
>>  max-unacked-updates 10;
>>}
>>## End Secondary dhcpd.failover.conf
>>
>>## dhcpd.pools.conf   ## Mirrored on both servers.
>>shared-network testing1 {
>>  subnet 10.2.1.0 netmask 255.255.255.0 {
>>    pool {
>>      failover peer "dhcp";
>>      option routers 10.2.1.254;
>>      option broadcast-address 10.2.1.255;
>>      option subnet-mask 255.255.255.0;
>>      deny dynamic bootp clients;
>>      range 10.2.1.0 10.2.1.253;
>>      option domain-name-servers 10.2.1.254 ;
>>      default-lease-time 7200;
>>      max-lease-time 14400;
>>    }
>>  }
>>} ## End Shared-Network testing1
>>##  End dhcpd.pools.conf
>
>
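
An added example, not part of the original thread: a Python check over dhcpd syslog lines in the format quoted above that reports, per client MAC, whether the two mirrored servers ACKed the same address. The log lines for 52:54:00:aa:bb:cc are constructed to show a mismatch, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample. The first four lines follow the log format quoted in the
# thread; the last two (another client, differing addresses) are invented.
SAMPLE_LOG = """\
Sep  5 11:13:20 dhcp-01 dhcpd: DHCPDISCOVER from 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0: load balance to peer dhcp
Sep  5 11:13:20 dhcp-01 dhcpd: DHCPACK on 10.2.1.128 to 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
Sep  5 11:13:20 dhcp-02 dhcpd: DHCPOFFER on 10.2.1.128 to 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
Sep  5 11:13:20 dhcp-02 dhcpd: DHCPACK on 10.2.1.128 to 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
Sep  5 11:14:02 dhcp-01 dhcpd: DHCPACK on 10.2.1.50 to 52:54:00:aa:bb:cc via eth0
Sep  5 11:14:02 dhcp-02 dhcpd: DHCPACK on 10.2.1.51 to 52:54:00:aa:bb:cc via eth0
"""

# syslog timestamp, logging host, "dhcpd:" tag, then the DHCPACK message.
ACK_RE = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]{8}\s+(?P<server>\S+)\s+dhcpd(?:\[\d+\])?:\s+"
    r"DHCPACK on (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"to (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)

def acks_by_client(log_text):
    """Map each client MAC to {server: set of IPs that server ACKed}."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        m = ACK_RE.match(line)
        if m:  # DISCOVER/OFFER/REQUEST lines are ignored
            seen[m["mac"].lower()][m["server"]].add(m["ip"])
    return seen

def classify(log_text):
    """Return {mac: verdict} describing how the servers answered each client."""
    verdicts = {}
    for mac, per_server in acks_by_client(log_text).items():
        ips = set().union(*per_server.values())
        if len(ips) > 1:
            # Servers disagree: the mirrored configs or lease state have drifted.
            verdicts[mac] = "mismatch:" + ",".join(sorted(ips))
        elif len(per_server) > 1:
            # The case described in the thread: same ACK from both servers.
            verdicts[mac] = "duplicate-identical"
        else:
            verdicts[mac] = "single"
    return verdicts

if __name__ == "__main__":
    for mac, verdict in classify(SAMPLE_LOG).items():
        print(mac, verdict)
```
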

